CVE-2020-7029

Published: Aug 11, 2020Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the System Management Interface Web component of Avaya Aura Communication Manager and Avaya Aura Messaging. This vulnerability could allow an unauthenticated remote attacker to perform Web administration actions with the privileged level of the authenticated user. Affected versions of Communication Manager are 7.0.x, 7.1.x prior to 7.1.3.5 and 8.0.x. Affected versions of Messaging are 7.0.x, 7.1 and 7.1 SP1.

Affected (5)

Products: Avaya: Aura Communication Manager, Aura Messaging

Avaya

2 products

Aura Communication Manager

Aura Messaging

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Avaya Aura Communication Manager	From 7.0 to 7.1.3.4
Avaya Aura Communication Manager	From 8.0 to 8.1.0.0
Avaya Aura Messaging	From 7.0 to 7.1
Avaya Aura Messaging	Version 7.1
Avaya Aura Messaging	Version 7.1 sp1

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://support.avaya.com/css/P8/documents/101070201

Source: securityalerts@avaya.com

Vendor Advisory

https://support.avaya.com/css/P8/documents/101070201

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.